Andy, MAC addresses work at layer 2. When a router receives a packet, it strips off the MAC addresses, looks at its destination, appends its own MAC addresses, and forwards out the appropriate interface. The MAC you're seeing is probably your ISP's router.

On 8/31/06, Andy Stewart <andystewart@comcast.net> wrote:
Hi everybody,
I'm playing with my firewall rules, trying to set up a rule that will recognize my laptop's MAC address on an incoming connection.
I tried this:
iptables -I INPUT -m mac --mac-source uu:vv:ww:xx:yy:zz -j LOG --log-prefix "Laptop Detected: "
That worked fine. I saw the appropriate log entry when my laptop ping'd the firewall. The log entry showed the expected MAC address of my laptop. At that time, my laptop was plugged into my home network, which is connected to the "internal" interface of my firewall.
I then set up iptables to log all incoming packets from the firewall's external interface, and I noticed that in the log all incoming MAC source addresses are the same. I didn't expect this. The address is 00:0b:bf:xx:xx:xx, which I think is a piece of Cisco hardware, and I don't have any Cisco hardware at home. Is this some hardware from my ISP?
I'm guessing somebody is rewriting the packets to replace the source MAC address, but clearly my knowledge of this is lacking, and thus I'm confused. Any helpers?
Thanks,
Andy
--
Andy Stewart, Founder
Worcester Linux Users' Group
Worcester, MA, USA
http://www.wlug.org
_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug
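An added example, not part of the original thread: a small parser for the `MAC=` field that the iptables LOG target writes (destination MAC, source MAC, EtherType), used to show per interface how many source IPs sit behind each source MAC. The interface names (`eth0` external, `eth1` internal), the abbreviated log lines, and all addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed, abbreviated lines in the style of the iptables LOG target.
# MACs are locally administered values; public IPs are documentation ranges.
SAMPLE_LOG = """\
kernel: IN=eth1 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:aa:08:00 SRC=192.168.1.20 DST=192.168.1.1 LEN=84 PROTO=ICMP
kernel: IN=eth1 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:bb:08:00 SRC=192.168.1.31 DST=192.168.1.1 LEN=60 PROTO=TCP
kernel: IN=eth0 OUT= MAC=02:00:00:00:00:02:02:00:00:00:00:ff:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP
kernel: IN=eth0 OUT= MAC=02:00:00:00:00:02:02:00:00:00:00:ff:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=60 PROTO=TCP
kernel: IN=eth0 OUT= MAC=02:00:00:00:00:02:02:00:00:00:00:ff:08:00 SRC=203.0.113.99 DST=192.0.2.10 LEN=52 PROTO=UDP
"""

LINE_RE = re.compile(r"IN=(\S+) .*?MAC=((?:[0-9a-f]{2}:){13}[0-9a-f]{2}) .*?SRC=(\S+)")

def parse_line(line):
    """Return (in_iface, dst_mac, src_mac, ethertype, src_ip) or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    iface, header, src_ip = m.groups()
    octets = header.split(":")
    # Ethernet header order: 6 bytes destination, 6 bytes source, 2 bytes type.
    return iface, ":".join(octets[:6]), ":".join(octets[6:12]), "".join(octets[12:]), src_ip

def macs_per_interface(log_text):
    """Map each inbound interface to {source MAC: set of source IPs}."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            iface, _dst, src_mac, _etype, src_ip = rec
            seen[iface][src_mac].add(src_ip)
    return seen

def routed_interfaces(log_text):
    """Heuristic: interfaces where one source MAC fronts several source IPs (a next-hop router)."""
    return sorted(i for i, macs in macs_per_interface(log_text).items()
                  if any(len(ips) > 1 for ips in macs.values()))

if __name__ == "__main__":
    for iface, macs in macs_per_interface(SAMPLE_LOG).items():
        for mac, ips in macs.items():
            print(f"{iface}  src MAC {mac}  <- {len(ips)} source IP(s): {sorted(ips)}")
    print("MAC matching is not host-specific on:", routed_interfaces(SAMPLE_LOG))
```

On an interface flagged this way, a `--mac-source` rule can only ever match the upstream router, so MAC-based rules are meaningful only on the directly attached segment.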